/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Stuff specific to S/MIME policy and interoperability.
 * Depends on PKCS7, but there should be no dependency the other way around.
 */

#include "secmime.h"
#include "secoid.h"
#include "pk11func.h"
#include "ciferfam.h"	/* for CIPHER_FAMILY symbols */
#include "secasn1.h"
#include "secitem.h"
#include "cert.h"
#include "key.h"
#include "secerr.h"

typedef struct smime_cipher_map_struct {
    unsigned long cipher;
    SECOidTag algtag;
    SECItem *parms;
} smime_cipher_map;

/*
 * These are macros because I think some subsequent parameters,
 * like those for RC5, will want to use them, too, separately.
 */
#define SMIME_DER_INTVAL_16	SEC_ASN1_INTEGER, 0x01, 0x10
#define SMIME_DER_INTVAL_40	SEC_ASN1_INTEGER, 0x01, 0x28
#define SMIME_DER_INTVAL_64	SEC_ASN1_INTEGER, 0x01, 0x40
#define SMIME_DER_INTVAL_128	SEC_ASN1_INTEGER, 0x02, 0x00, 0x80

#ifdef SMIME_DOES_RC5	/* will be needed; quiet unused warning for now */
static unsigned char smime_int16[] = { SMIME_DER_INTVAL_16 };
#endif
static unsigned char smime_int40[] = { SMIME_DER_INTVAL_40 };
static unsigned char smime_int64[] = { SMIME_DER_INTVAL_64 };
static unsigned char smime_int128[] = { SMIME_DER_INTVAL_128 };

static SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) };
static SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) };
static SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) };

static smime_cipher_map smime_cipher_maps[] = {
    { SMIME_RC2_CBC_40,		SEC_OID_RC2_CBC,	&smime_rc2p40 },
    { SMIME_RC2_CBC_64,		SEC_OID_RC2_CBC,	&smime_rc2p64 },
    { SMIME_RC2_CBC_128,	SEC_OID_RC2_CBC,	&smime_rc2p128 },
#ifdef SMIME_DOES_RC5
    { SMIME_RC5PAD_64_16_40,	SEC_OID_RC5_CBC_PAD,	&smime_rc5p40 },
    { SMIME_RC5PAD_64_16_64,	SEC_OID_RC5_CBC_PAD,	&smime_rc5p64 },
    { SMIME_RC5PAD_64_16_128,	SEC_OID_RC5_CBC_PAD,	&smime_rc5p128 },
#endif
    { SMIME_DES_CBC_56,		SEC_OID_DES_CBC,	NULL },
    { SMIME_DES_EDE3_168,	SEC_OID_DES_EDE3_CBC,	NULL }
};

/*
 * Note, the following value really just needs to be an upper bound
 * on the ciphers.
 */
static const int smime_symmetric_count = sizeof(smime_cipher_maps)
					 / sizeof(smime_cipher_map);

static unsigned long *smime_prefs, *smime_newprefs;
static int smime_current_pref_index = 0;
static PRBool smime_prefs_complete = PR_FALSE;
static PRBool smime_prefs_changed = PR_TRUE;

static unsigned long smime_policy_bits = 0;


static int
smime_mapi_by_cipher (unsigned long cipher)
{
    int i;

    for (i = 0; i < smime_symmetric_count; i++) {
	if (smime_cipher_maps[i].cipher == cipher)
	    break;
    }

    if (i == smime_symmetric_count)
	return -1;

    return i;
}


/*
 * this function locally records the user's preference
 */
SECStatus 
SECMIME_EnableCipher(long which, int on)
{
    unsigned long mask;

    if (smime_newprefs == NULL || smime_prefs_complete) {
	/*
	 * This is either the very first time, or we are starting over.
	 */
	smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
				      * sizeof(*smime_newprefs));
	if (smime_newprefs == NULL)
	    return SECFailure;
	smime_current_pref_index = 0;
	smime_prefs_complete = PR_FALSE;
    }

    mask = which & CIPHER_FAMILYID_MASK;
    if (mask == CIPHER_FAMILYID_MASK) {
    	/*
	 * This call signifies that all preferences have been set.
	 * Move "newprefs" over, after checking first whether or
	 * not the new ones are different from the old ones.
	 */
	if (smime_prefs != NULL) {
	    if (PORT_Memcmp (smime_prefs, smime_newprefs,
			     smime_symmetric_count * sizeof(*smime_prefs)) == 0)
		smime_prefs_changed = PR_FALSE;
	    else
		smime_prefs_changed = PR_TRUE;
	    PORT_Free (smime_prefs);
	}

	smime_prefs = smime_newprefs;
	smime_prefs_complete = PR_TRUE;
	return SECSuccess;
    }

    PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
    if (mask != CIPHER_FAMILYID_SMIME) {
	/* XXX set an error! */
    	return SECFailure;
    }

    if (on) {
	PORT_Assert (smime_current_pref_index < smime_symmetric_count);
	if (smime_current_pref_index >= smime_symmetric_count) {
	    /* XXX set an error! */
	    return SECFailure;
	}

	smime_newprefs[smime_current_pref_index++] = which;
    }

    return SECSuccess;
}


/*
 * this function locally records the export policy
 */
SECStatus 
SECMIME_SetPolicy(long which, int on)
{
    unsigned long mask;

    PORT_Assert ((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
    if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
	/* XXX set an error! */
    	return SECFailure;
    }

    which &= ~CIPHER_FAMILYID_MASK;

    PORT_Assert (which < 32);	/* bits in the long */
    if (which >= 32) {
	/* XXX set an error! */
    	return SECFailure;
    }

    mask = 1UL << which;

    if (on) {
    	smime_policy_bits |= mask;
    } else {
    	smime_policy_bits &= ~mask;
    }

    return SECSuccess;
}


/*
 * Based on the given algorithm (including its parameters, in some cases!)
 * and the given key (may or may not be inspected, depending on the
 * algorithm), find the appropriate policy algorithm specification
 * and return it.  If no match can be made, -1 is returned.
 */
static long
smime_policy_algorithm (SECAlgorithmID *algid, PK11SymKey *key)
{
    SECOidTag algtag;

    algtag = SECOID_GetAlgorithmTag (algid);
    switch (algtag) {
      case SEC_OID_RC2_CBC:
	{
	    unsigned int keylen_bits;

	    keylen_bits = PK11_GetKeyStrength (key, algid);
	    switch (keylen_bits) {
	      case 40:
		return SMIME_RC2_CBC_40;
	      case 64:
		return SMIME_RC2_CBC_64;
	      case 128:
		return SMIME_RC2_CBC_128;
	      default:
		break;
	    }
	}
	break;
      case SEC_OID_DES_CBC:
	return SMIME_DES_CBC_56;
      case SEC_OID_DES_EDE3_CBC:
	return SMIME_DES_EDE3_168;
#ifdef SMIME_DOES_RC5
      case SEC_OID_RC5_CBC_PAD:
	PORT_Assert (0);	/* XXX need to pull out parameters and match */
	break;
#endif
      default:
	break;
    }

    return -1;
}


static PRBool
smime_cipher_allowed (unsigned long which)
{
    unsigned long mask;

    which &= ~CIPHER_FAMILYID_MASK;
    PORT_Assert (which < 32);	/* bits per long (min) */
    if (which >= 32)
	return PR_FALSE;

    mask = 1UL << which;
    if ((mask & smime_policy_bits) == 0)
	return PR_FALSE;

    return PR_TRUE;
}


PRBool
SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
{
    long which;

    which = smime_policy_algorithm (algid, key);
    if (which < 0)
	return PR_FALSE;

    return smime_cipher_allowed ((unsigned long)which);
}


/*
 * Does the current policy allow *any* S/MIME encryption (or decryption)?
 *
 * This tells whether or not *any* S/MIME encryption can be done,
 * according to policy.  Callers may use this to do nicer user interface
 * (say, greying out a checkbox so a user does not even try to encrypt
 * a message when they are not allowed to) or for any reason they want
 * to check whether S/MIME encryption (or decryption, for that matter)
 * may be done.
 *
 * It takes no arguments.  The return value is a simple boolean:
 *   PR_TRUE means encryption (or decryption) is *possible*
 *	(but may still fail due to other reasons, like because we cannot
 *	find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
 *   PR_FALSE means encryption (or decryption) is not permitted
 *
 * There are no errors from this routine.
 */
PRBool
SECMIME_EncryptionPossible (void)
{
    if (smime_policy_bits != 0)
	return PR_TRUE;

    return PR_FALSE;
}


/*
 * XXX Would like the "parameters" field to be a SECItem *, but the
 * encoder is having trouble with optional pointers to an ANY.  Maybe
 * once that is fixed, can change this back...
 */
typedef struct smime_capability_struct {
    unsigned long cipher;	/* local; not part of encoding */
    SECOidTag capIDTag;		/* local; not part of encoding */
    SECItem capabilityID;
    SECItem parameters;
} smime_capability;

static const SEC_ASN1Template smime_capability_template[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(smime_capability) },
    { SEC_ASN1_OBJECT_ID,
	  offsetof(smime_capability,capabilityID), },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
	  offsetof(smime_capability,parameters), },
    { 0, }
};

static const SEC_ASN1Template smime_capabilities_template[] = {
    { SEC_ASN1_SEQUENCE_OF, 0, smime_capability_template }
};



static void
smime_fill_capability (smime_capability *cap)
{
    unsigned long cipher;
    SECOidTag algtag;
    int i;

    algtag = SECOID_FindOIDTag (&(cap->capabilityID));

    for (i = 0; i < smime_symmetric_count; i++) {
	if (smime_cipher_maps[i].algtag != algtag)
	    continue;
	/*
	 * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
	 * 2 NULLs as equal and NULL and non-NULL as not equal), we could
	 * use that here instead of all of the following comparison code.
	 */
	if (cap->parameters.data != NULL) {
	    if (smime_cipher_maps[i].parms == NULL)
		continue;
	    if (cap->parameters.len != smime_cipher_maps[i].parms->len)
		continue;
	    if (PORT_Memcmp (cap->parameters.data,
			     smime_cipher_maps[i].parms->data,
			     cap->parameters.len) == 0)
		break;
	} else if (smime_cipher_maps[i].parms == NULL) {
	    break;
	}
    }

    if (i == smime_symmetric_count)
	cipher = 0;
    else
	cipher = smime_cipher_maps[i].cipher;

    cap->cipher = cipher;
    cap->capIDTag = algtag;
}


static long
smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts)
{
    PLArenaPool *poolp;
    long chosen_cipher;
    int *cipher_abilities;
    int *cipher_votes;
    int strong_mapi;
    int rcount, mapi, max;

    if (smime_policy_bits == 0) {
	PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM);
	return -1;
    }

    chosen_cipher = SMIME_RC2_CBC_40;		/* the default, LCD */

    poolp = PORT_NewArena (1024);		/* XXX what is right value? */
    if (poolp == NULL)
	goto done;

    cipher_abilities = (int*)PORT_ArenaZAlloc (poolp,
					 smime_symmetric_count * sizeof(int));
    if (cipher_abilities == NULL)
	goto done;

    cipher_votes = (int*)PORT_ArenaZAlloc (poolp,
				     smime_symmetric_count * sizeof(int));
    if (cipher_votes == NULL)
	goto done;

    /*
     * XXX Should have a #define somewhere which specifies default
     * strong cipher.  (Or better, a way to configure.)
     */

    /* Make triple-DES the strong cipher. */
    strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168);

    PORT_Assert (strong_mapi >= 0);

    for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
	SECItem *profile;
	smime_capability **caps;
	int capi, pref;
	SECStatus dstat;

	pref = smime_symmetric_count;
	profile = CERT_FindSMimeProfile (rcerts[rcount]);
	if (profile != NULL && profile->data != NULL && profile->len > 0) {
	    caps = NULL;
	    dstat = SEC_QuickDERDecodeItem (poolp, &caps,
					smime_capabilities_template,
					profile);
	    if (dstat == SECSuccess && caps != NULL) {
		for (capi = 0; caps[capi] != NULL; capi++) {
		    smime_fill_capability (caps[capi]);
		    mapi = smime_mapi_by_cipher (caps[capi]->cipher);
		    if (mapi >= 0) {
			cipher_abilities[mapi]++;
			cipher_votes[mapi] += pref;
			--pref;
		    }
		}
	    }
	} else {
	    SECKEYPublicKey *key;
	    unsigned int pklen_bits;

	    /*
	     * XXX This is probably only good for RSA keys.  What I would
	     * really like is a function to just say;  Is the public key in
	     * this cert an export-length key?  Then I would not have to
	     * know things like the value 512, or the kind of key, or what
	     * a subjectPublicKeyInfo is, etc.
	     */
	    key = CERT_ExtractPublicKey (rcerts[rcount]);
	    if (key != NULL) {
		pklen_bits = SECKEY_PublicKeyStrength (key) * 8;
		SECKEY_DestroyPublicKey (key);

		if (pklen_bits > 512) {
		    cipher_abilities[strong_mapi]++;
		    cipher_votes[strong_mapi] += pref;
		}
	    }
	}
	if (profile != NULL)
	    SECITEM_FreeItem (profile, PR_TRUE);
    }

    max = 0;
    for (mapi = 0; mapi < smime_symmetric_count; mapi++) {
	if (cipher_abilities[mapi] != rcount)
	    continue;
	if (! smime_cipher_allowed (smime_cipher_maps[mapi].cipher))
	    continue;
	if (cipher_votes[mapi] > max) {
	    chosen_cipher = smime_cipher_maps[mapi].cipher;
	    max = cipher_votes[mapi];
	} /* XXX else if a tie, let scert break it? */
    }

done:
    if (poolp != NULL)
	PORT_FreeArena (poolp, PR_FALSE);

    return chosen_cipher;
}


/*
 * XXX This is a hack for now to satisfy our current interface.
 * Eventually, with more parameters needing to be specified, just
 * looking up the keysize is not going to be sufficient.
 */
static int
smime_keysize_by_cipher (unsigned long which)
{
    int keysize;

    switch (which) {
      case SMIME_RC2_CBC_40:
	keysize = 40;
	break;
      case SMIME_RC2_CBC_64:
	keysize = 64;
	break;
      case SMIME_RC2_CBC_128:
	keysize = 128;
	break;
#ifdef SMIME_DOES_RC5
      case SMIME_RC5PAD_64_16_40:
      case SMIME_RC5PAD_64_16_64:
      case SMIME_RC5PAD_64_16_128:
	/* XXX See comment above; keysize is not enough... */
	PORT_Assert (0);
	PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
	keysize = -1;
	break;
#endif
      case SMIME_DES_CBC_56:
      case SMIME_DES_EDE3_168:
	/*
	 * These are special; since the key size is fixed, we actually
	 * want to *avoid* specifying a key size.
	 */
	keysize = 0;
	break;
      default:
	keysize = -1;
	break;
    }

    return keysize;
}


/*
 * Start an S/MIME encrypting context.
 *
 * "scert" is the cert for the sender.  It will be checked for validity.
 * "rcerts" are the certs for the recipients.  They will also be checked.
 *
 * "certdb" is the cert database to use for verifying the certs.
 * It can be NULL if a default database is available (like in the client).
 *
 * This function already does all of the stuff specific to S/MIME protocol
 * and local policy; the return value just needs to be passed to
 * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
 * and finally to SEC_PKCS7DestroyContentInfo().
 *
 * An error results in a return value of NULL and an error set.
 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 */
SEC_PKCS7ContentInfo *
SECMIME_CreateEncrypted(CERTCertificate *scert,
			CERTCertificate **rcerts,
			CERTCertDBHandle *certdb,
			SECKEYGetPasswordKey pwfn,
			void *pwfn_arg)
{
    SEC_PKCS7ContentInfo *cinfo;
    long cipher;
    SECOidTag encalg;
    int keysize;
    int mapi, rci;

    cipher = smime_choose_cipher (scert, rcerts);
    if (cipher < 0)
	return NULL;

    mapi = smime_mapi_by_cipher (cipher);
    if (mapi < 0)
	return NULL;

    /*
     * XXX This is stretching it -- CreateEnvelopedData should probably
     * take a cipher itself of some sort, because we cannot know what the
     * future will bring in terms of parameters for each type of algorithm.
     * For example, just an algorithm and keysize is *not* sufficient to
     * fully specify the usage of RC5 (which also needs to know rounds and
     * block size).  Work this out into a better API!
     */
    encalg = smime_cipher_maps[mapi].algtag;
    keysize = smime_keysize_by_cipher (cipher);
    if (keysize < 0)
	return NULL;

    cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
					  certdb, encalg, keysize,
					  pwfn, pwfn_arg);
    if (cinfo == NULL)
	return NULL;

    for (rci = 0; rcerts[rci] != NULL; rci++) {
	if (rcerts[rci] == scert)
	    continue;
	if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
				   NULL) != SECSuccess) {
	    SEC_PKCS7DestroyContentInfo (cinfo);
	    return NULL;
	}
    }

    return cinfo;
}


static smime_capability **smime_capabilities;
static SECItem *smime_encoded_caps;


static SECStatus
smime_init_caps (void)
{
    smime_capability *cap;
    smime_cipher_map *map;
    SECOidData *oiddata;
    SECStatus rv;
    int i;

    if (smime_encoded_caps != NULL && (! smime_prefs_changed))
	return SECSuccess;

    if (smime_encoded_caps != NULL) {
	SECITEM_FreeItem (smime_encoded_caps, PR_TRUE);
	smime_encoded_caps = NULL;
    }

    if (smime_capabilities == NULL) {
	smime_capabilities = (smime_capability**)PORT_ZAlloc (
					  (smime_symmetric_count + 1)
					  * sizeof(smime_capability *));
	if (smime_capabilities == NULL)
	    return SECFailure;
    }

    rv = SECFailure;

    /* 
       The process of creating the encoded PKCS7 cipher capability list
       involves two basic steps: 

       (a) Convert our internal representation of cipher preferences 
           (smime_prefs) into an array containing cipher OIDs and 
	   parameter data (smime_capabilities). This step is
	   performed here.

       (b) Encode, using ASN.1, the cipher information in 
           smime_capabilities, leaving the encoded result in 
	   smime_encoded_caps.

       (In the process of performing (a), Lisa put in some optimizations
       which allow us to avoid needlessly re-populating elements in 
       smime_capabilities as we walk through smime_prefs.)
    */
    for (i = 0; i < smime_current_pref_index; i++) {
	int mapi;

	/* Get the next cipher preference in smime_prefs. */
	mapi = smime_mapi_by_cipher (smime_prefs[i]);
	if (mapi < 0)
	    break;

	/* Find the corresponding entry in the cipher map. */
	PORT_Assert (mapi < smime_symmetric_count);
	map = &(smime_cipher_maps[mapi]);

	/*
	 * Convert the next preference found in smime_prefs into an
	 * smime_capability.
	 */

	cap = smime_capabilities[i];
	if (cap == NULL) {
	    cap = (smime_capability*)PORT_ZAlloc (sizeof(smime_capability));
	    if (cap == NULL)
		break;
	    smime_capabilities[i] = cap;
	} else if (cap->cipher == smime_prefs[i]) {
	    continue;		/* no change to this one */
	}

	cap->capIDTag = map->algtag;
	oiddata = SECOID_FindOIDByTag (map->algtag);
	if (oiddata == NULL)
	    break;

	if (cap->capabilityID.data != NULL) {
	    SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
	    cap->capabilityID.data = NULL;
	    cap->capabilityID.len = 0;
	}

	rv = SECITEM_CopyItem (NULL, &(cap->capabilityID), &(oiddata->oid));
	if (rv != SECSuccess)
	    break;

	if (map->parms == NULL) {
	    cap->parameters.data = NULL;
	    cap->parameters.len = 0;
	} else {
	    cap->parameters.data = map->parms->data;
	    cap->parameters.len = map->parms->len;
	}

	cap->cipher = smime_prefs[i];
    }

    if (i != smime_current_pref_index)
	return rv;

    while (i < smime_symmetric_count) {
	cap = smime_capabilities[i];
	if (cap != NULL) {
	    SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
	    PORT_Free (cap);
	}
	smime_capabilities[i] = NULL;
	i++;
    }
    smime_capabilities[i] = NULL;

    smime_encoded_caps = SEC_ASN1EncodeItem (NULL, NULL, &smime_capabilities,
					     smime_capabilities_template);
    if (smime_encoded_caps == NULL)
	return SECFailure;

    return SECSuccess;
}


static SECStatus
smime_add_profile (CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo)
{
    PORT_Assert (smime_prefs_complete);
    if (! smime_prefs_complete)
	return SECFailure;

    /* For that matter, if capabilities haven't been initialized yet,
       do so now. */
    if (smime_encoded_caps == NULL || smime_prefs_changed) {
	SECStatus rv;

	rv = smime_init_caps();
	if (rv != SECSuccess)
	    return rv;

	PORT_Assert (smime_encoded_caps != NULL);
    }

    return SEC_PKCS7AddSignedAttribute (cinfo, SEC_OID_PKCS9_SMIME_CAPABILITIES,
					smime_encoded_caps);
}


/*
 * Start an S/MIME signing context.
 *
 * "scert" is the cert that will be used to sign the data.  It will be
 * checked for validity.
 *
 * "ecert" is the signer's encryption cert.  If it is different from
 * scert, then it will be included in the signed message so that the
 * recipient can save it for future encryptions.
 *
 * "certdb" is the cert database to use for verifying the cert.
 * It can be NULL if a default database is available (like in the client).
 * 
 * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
 * XXX There should be SECMIME functions for hashing, or the hashing should
 * be built into this interface, which we would like because we would
 * support more smartcards that way, and then this argument should go away.)
 *
 * "digest" is the actual digest of the data.  It must be provided in
 * the case of detached data or NULL if the content will be included.
 *
 * This function already does all of the stuff specific to S/MIME protocol
 * and local policy; the return value just needs to be passed to
 * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
 * and finally to SEC_PKCS7DestroyContentInfo().
 *
 * An error results in a return value of NULL and an error set.
 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 */

SEC_PKCS7ContentInfo *
SECMIME_CreateSigned (CERTCertificate *scert,
		      CERTCertificate *ecert,
		      CERTCertDBHandle *certdb,
		      SECOidTag digestalg,
		      SECItem *digest,
		      SECKEYGetPasswordKey pwfn,
		      void *pwfn_arg)
{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    /* See note in header comment above about digestalg. */
    /* Doesn't explain this. PORT_Assert (digestalg == SEC_OID_SHA1); */

    cinfo = SEC_PKCS7CreateSignedData (scert, certUsageEmailSigner,
				       certdb, digestalg, digest,
				       pwfn, pwfn_arg);
    if (cinfo == NULL)
	return NULL;

    if (SEC_PKCS7IncludeCertChain (cinfo, NULL) != SECSuccess) {
	SEC_PKCS7DestroyContentInfo (cinfo);
	return NULL;
    }

    /* if the encryption cert and the signing cert differ, then include
     * the encryption cert too.
     */
    /* it is ok to compare the pointers since we ref count, and the same
     * cert will always have the same pointer
     */
    if ( ( ecert != NULL ) && ( ecert != scert ) ) {
	rv = SEC_PKCS7AddCertificate(cinfo, ecert);
	if ( rv != SECSuccess ) {
	    SEC_PKCS7DestroyContentInfo (cinfo);
	    return NULL;
	}
    }
    /*
     * Add the signing time.  But if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = SEC_PKCS7AddSigningTime (cinfo);
    PORT_Assert (rv == SECSuccess);

    /*
     * Add the email profile.  Again, if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = smime_add_profile (ecert, cinfo);
    PORT_Assert (rv == SECSuccess);

    return cinfo;
}
